
LDTate

Trusted Malware Techs
  • Content Count

    255

Everything posted by LDTate

  1. How are you doing with the fix?
  2. Sorry I don't see anything else in your HJT log to fix.
  3. Unless you know what this is, use Add/Remove Programs and remove:
       Hyperteams
     Scan with HJT and kill this one:
       O4 - Startup: Hyperteams.lnk = C:\Program Files\Hyperteams\framework.exe
     Delete this file if still listed:
       C:\Program Files\Hyperteams\framework.exe
     Reboot and let me know how it's working.
  4. Restart your computer in Safe Mode. Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen. Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter. This can take several minutes to load.
       C:\PROGRA~1\COMMON~1\ICROSO~1
     Delete this folder, I think it will be here:
       C:\PROGRAM Files\COMMON Files\ICROSOFT <--Make sure it starts with ICROSO
     Scan with HJT and fix this one:
       O2 - BHO: (no name) - {FC2593DC-2762-50CF-4146-5950DD203EC6} - C:\WINDOWS\system32\wbvde.dll (file missing)
     Empty Recycle Bin
     Reboot Normal and "copy/paste" a new log file into this thread.
     Also please describe how your computer behaves at the moment.
  5. Good Job
     Log looks good
     Note: This will remove all previous Restore Points
     Turn off System Restore: On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK.
     Restart your computer, turn it back on. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Remove the Check Turn off System Restore. Click Apply, and then click OK.
     Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab. Check "Hide file extensions for known file types." Under the "Hidden files" folder, Uncheck "Show hidden files and folders." Check "Hide protected operating system files." Click Apply, and then click OK.
     If you don't have these programs I would recommend that you get them. Spywareblaster, Spywareguard. They will add 1000's of sites to your restricted zone and block some hijacks from happening.
     I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one. It is critical to have both a firewall and anti virus to protect your system. Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.
     Safe Surfing.
     I would also suggest you read this: So how did I get infected in the first place? by Tony Klein
  6. You can go through this fix again and see if it finds anything.
     Download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES. Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will shutdown your computer, click OK. Turn your computer back on.
     Please download the trial version of ewido anti-malware 3.5 here: http://www.ewido.net/en/download/
     Install it, and update the definitions to the newest files. Do NOT run a scan yet.
     Next, please reboot your computer in Safe Mode by doing the following:
       1) Restart your computer
       2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
       3) Instead of Windows loading as normal, a menu should appear
       4) Select the first option, to run Windows in Safe Mode.
     Then please run Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.
     While still in Safe Mode:
     Open C:\Windows\Prefetch\ Delete ALL files in this folder.
     Do this also if these Temp Folders are part of your OS. Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
     Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
     Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply
     Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  7. I suggest you do this:
     Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab. Clear "Hide file extensions for known file types." Under the "Hidden files" folder, select "Show hidden files and folders." Clear "Hide protected operating system files." Click Apply, and then click OK.
     Please do not delete anything unless instructed to.
       1. Click Start > Settings > Control Panel.
       2. Next, open Add/Remove Programs and remove if listed: Save WhenUSave
     Run HijackThis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
       O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
       O20 - Winlogon Notify: wineqx32 - wineqx32.dll (file missing)
     Close ALL windows and browsers except HijackThis and click "Fix checked"
     Delete these Files if listed:
       C:\Program Files\Save\Save.exe
     Open C:\Windows\Prefetch\ Delete ALL files in this folder.
     Please download ATF Cleaner by Atribune. Download - ATF Cleaner» This program is for XP and Windows 2000 only
     Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button.
     Reboot and "copy/paste" a new HijackThis log file into this thread.
     Also please describe how your computer behaves at the moment.
  8. Please do not delete anything unless instructed to.
       1. Click Start > Settings > Control Panel.
       2. Next, open Add/Remove Programs and remove if listed: RXToolBar
     Run HijackThis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
       R3 - URLSearchHook: (no name) - {FC2593DC-2762-50CF-4146-5950DD203EC6} - C:\WINDOWS\system32\wbvde.dll (file missing)
       O2 - BHO: (no name) - {FC2593DC-2762-50CF-4146-5950DD203EC6} - C:\WINDOWS\system32\wbvde.dll (file missing)
       O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
       O4 - HKCU\..\Run: [sen] "C:\PROGRA~1\COMMON~1\ICROSO~1.NET\rundll.exe" -vt ndrv
       O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
       O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\SOONGOO\LOCALS~1\Temp\hpdj.exe (file missing)
     Close ALL windows and browsers except HijackThis and click "Fix checked"
     Delete these Files if listed:
       C:\PROGRA~1\COMMON~1\ICROSO~1.NET\rundll.exe <--ONLY from this location
     Open C:\Windows\Prefetch\ Delete ALL files in this folder.
     Please download ATF Cleaner by Atribune. Download - ATF Cleaner» This program is for XP and Windows 2000 only
     Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button.
     Reboot and "copy/paste" a new HijackThis log file into this thread.
     Also please describe how your computer behaves at the moment.
  9. Were you able to do that?
  10. Great job. You're more than welcome. Glad we were able to help. Peace be with you.
  11. Good Job
      Use Add/Remove Programs and remove Ewido unless you want to keep it. It's only a 14 day trial version.
      Log looks good
      Note: This will remove all previous Restore Points
      Turn off System Restore: On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK.
      Restart your computer, turn it back on. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Remove the Check Turn off System Restore. Click Apply, and then click OK.
      Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab. Check "Hide file extensions for known file types." Under the "Hidden files" folder, Uncheck "Show hidden files and folders." Check "Hide protected operating system files." Click Apply, and then click OK.
      If you don't have these programs I would recommend that you get them. Spywareblaster, Spywareguard. They will add 1000's of sites to your restricted zone and block some hijacks from happening.
      I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one. It is critical to have both a firewall and anti virus to protect your system. Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.
      Safe Surfing.
      I would also suggest you read this: So how did I get infected in the first place? by Tony Klein
  12. Important: Do this before any fix.
      Please put your HijackThis in its own folder, (I create a new folder in C:\ named HJT). You can do a Right Click on any open area on the desktop, New> Folder, then rename the folder HJT. Go to where your HijackThis is and Right Click on HijackThis.exe, select Cut, then open the new folder you just created (HJT) Right Click in the folder and select paste. The reason we do this is HijackThis creates backup files just in case you'd need to restore one and we'll be cleaning out the temp files.
      After the above:
      Please do not delete anything unless instructed to.
      Run HijackThis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.com/ws/eBayISAPI.dll?MyeBay...se*kids*clothes
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoftnews.com/ms/display_main.php?tac=Alexa
        O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
        O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
        O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
        O4 - Startup: PowerReg Scheduler V3.exe
      Close ALL windows and browsers except HijackThis and click "Fix checked"
      Delete these Files if listed:
        C:\WINDOWS\ALCXMNTR.EXE
      Open C:\Windows\Prefetch\ Delete ALL files in this folder.
      Please download ATF Cleaner by Atribune. Download - ATF Cleaner» This program is for XP and Windows 2000 only
      Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button.
      Reboot and "copy/paste" a new HijackThis log file into this thread.
      Also please describe how your computer behaves at the moment.
  13. Let's try this then.
      Please download the trial version of ewido anti-malware 3.5 here: http://www.ewido.net/en/download/
      Install it, and update the definitions to the newest files. Do NOT run a scan yet.
      Next, please reboot your computer in Safe Mode by doing the following:
        1) Restart your computer
        2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
        3) Instead of Windows loading as normal, a menu should appear
        4) Select the first option, to run Windows in Safe Mode.
      Then please run Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.
      Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  14. Were you visiting a certain web site when it popped up? What exactly does it say when the winfixer pops up?
  15. Hello angie276, welcome to the Forum.
      Download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES. Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will shutdown your computer, click OK. Turn your computer back on.
      Please download the trial version of ewido anti-malware 3.5 here: http://www.ewido.net/en/download/
      Install it, and update the definitions to the newest files. Do NOT run a scan yet.
      Next, please reboot your computer in Safe Mode by doing the following:
        1) Restart your computer
        2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
        3) Instead of Windows loading as normal, a menu should appear
        4) Select the first option, to run Windows in Safe Mode.
      Then please run Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.
      While still in Safe Mode:
      Open C:\Windows\Prefetch\ Delete ALL files in this folder.
      Do this also if these Temp Folders are part of your OS. Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
      Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
      Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply
      Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  16. Hello Goosh, welcome to the forum.
      Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab. Clear "Hide file extensions for known file types." Under the "Hidden files" folder, select "Show hidden files and folders." Clear "Hide protected operating system files." Click Apply, and then click OK.
      Please do not delete anything unless instructed to.
      Download the trial version of Spy Sweeper from Here
      Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)
      You will be prompted to check for updated definitions, please do so. (This may take several minutes)
      Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.
      Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!
      When the sweep has finished, click Remove. Click Select All and then Next
      From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.
      Exit Spy Sweeper.
      Empty Recycle Bin
      Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
      Also please describe how your computer behaves at the moment.
  17. As long as you get Spyware Blaster don't worry about IESPY AD.
  18. You're more than welcome. Glad we were able to help. Peace be with you.
  19. You're more than welcome. Glad we were able to help. Peace be with you.
  20. Hello Mildlybatty, welcome to the forum
      Name Status Filename Description
      Hot Key Kbd 2690 Daemon SK9910DM.exe Multimedia keyboard manager - required if you use any special keys
      Hot Key Keybd 9910 Daemon SK9910DM.exe Multimedia keyboard manager - required if you use any special keys
      SK9910DM SK9910DM.EXE Multi-function keyboard driver. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys
      That one looks OK to me.
      Beings you are using HP Share-to-Web, I suggest you read this link and see if you're having this issue. http://forums.security-central.us/showthread.php?t=931
      Your log looks clean to me.
  21. Only issue I see is that you are running 2 Anti-Virus programs at the same time: Nortons and Grisoft. That can cause conflicts and lockups. I suggest you use Add/Remove Programs and remove one of them.
  22. Good Job
      Log looks good
      Note: This will remove all previous Restore Points
      Turn off System Restore: On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK.
      Restart your computer, turn it back on. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Remove the Check Turn off System Restore. Click Apply, and then click OK.
      Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab. Check "Hide file extensions for known file types." Under the "Hidden files" folder, Uncheck "Show hidden files and folders." Check "Hide protected operating system files." Click Apply, and then click OK.
      If you don't have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your restricted zone and block some hijacks from happening.
      I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one. It is critical to have both a firewall and anti virus to protect your system. Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.
      Safe Surfing.
      I would also suggest you read this: So how did I get infected in the first place? by Tony Klein
  23. I don't see anything there either. Any Winfixer popup warnings?
  24. I don't see anything bad but I need to see the top part of your HijackThis log. Are you having any problems with the PC? Please post a new HJT log showing the top part.
  25. One thing I just noticed is it looks like you're running Nortons Anti-Virus as well as Grisoft. You need to use Add/Remove Programs and remove one of them. Running more than 1 AV can cause conflicts and lockups.
      I don't see any signs of Winfixer in your log. Let's see if this will find anything.
      Download this one and let me know if it finds anything. RootkitRevealer http://www.sysinternals.com/Utilities/RootkitRevealer.html
      When it's done, go to file->save save the logfile to the desktop, and then paste the contents here.